
I. Proposed Model

Data from mobile phones can be stored in the cloud for efficient storage and easier access from different devices.
However, there is a considerable risk in storing data in the cloud, as the data resides outside the organizational
bounds. The Cloud Service Provider (CSP) can access the data and provide it to third parties. If we define
access control rules, we have to rely on the CSP to enforce them.

The system allows the user to select images from his device which have to be uploaded to the cloud. Before uploading
the image, we can use encryption and steganography techniques to modify the image so that a hacker is not
able to intercept the original image. Only selected users are given permission to access the data by
decrypting, modifying and deleting the data in the cloud.

Our model provides a data-centric solution for protecting data in the cloud. It makes use of cryptography and
an authorization model for enforcing security. It uses a combination of proxy re-encryption (PRE) and identity
based encryption (IBE) for encrypting data. In a PRE scheme, a proxy is used to re-encrypt already encrypted
data. In an IBE scheme, the identity of a user is used as the key for encrypting data. For our model, we use identity
based proxy re-encryption (IBPRE), in which a ciphertext encrypted under one user's identity is converted to
another ciphertext under another user's identity.

An authorization model is used for defining access control rules for the data. It uses the Role Based Access Control
(RBAC) scheme, in which a particular role is granted a set of privileges. A user can be assigned to one or more
roles. The privileges define which users will be able to decrypt data and get access to its content.

II. Implementation

The encryption of data while uploading to the cloud follows this series of steps:

(1) setup(pub, k) → (pub, msk)
(2) keygen(pub, msk, $id_a$) → $skey_a$
(3) encrypt(pub, $id_a$, txt) → $c_a$
(4) rkgen(pub, $skey_a$, $id_a$, $id_b$) → $rkey_{ab}$
(5) reencrypt(pub, $rkey_{ab}$, $c_a$) → $c_b$
(6) decrypt(pub, $skey_a$, $c_a$) → txt

(1) initializes the cryptographic scheme by taking a security parameter k as input and outputs the master secret key
msk and a set of public parameters pub. (2) takes msk and identity $id_a$ as input and outputs the secret key $skey_a$ for
that identity. (3) takes identity $id_a$ and plain text txt as input and outputs the encrypted ciphertext $c_a$. (4)
generates the re-encryption key $rkey_{ab}$ by taking $id_a$, $id_b$ and $skey_a$ as input. (5) outputs the re-encrypted
ciphertext $c_b$ using $rkey_{ab}$. (6) decrypts data and outputs plain text txt.
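
The six calls above, traced end to end in an added example (not code from the original document): it swaps IBPRE for a pairing-free, ElGamal-style bidirectional proxy re-encryption, so it shows the data flow through the proxy rather than the identity-based construction itself. Assumptions: the key authority publishes a per-identity value through the hypothetical `public_key` helper, `setup` takes no arguments because the group is fixed, `rkgen` takes both secret keys instead of $skey_a$ and the two identities, txt is a 32-byte content key for the image, and the group is the 1024-bit RFC 2409 prime, which is demonstration-sized only.

```python
import hashlib, hmac, secrets

# Assumption: 1024-bit safe prime from RFC 2409 (Oakley Group 2); demo size only.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 4  # Q is prime; G = 2^2 generates the order-Q subgroup

def setup():
    """(1) Public parameters pub and the key authority's master secret msk."""
    return (P, Q, G), secrets.token_bytes(32)

def keygen(pub, msk, ident):
    """(2) Derive the secret exponent for an identity from msk, in [1, Q-1]."""
    digest = hmac.new(msk, ident.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (pub[1] - 1) + 1

def public_key(pub, skey):
    """Hypothetical stand-in for IBE: value the authority publishes per identity."""
    return pow(pub[2], skey, pub[0])

def _mask(shared, data):
    # XOR data with SHA-256(g^r); confidentiality only, no integrity protection.
    pad = hashlib.sha256(shared.to_bytes(128, "big")).digest()
    return bytes(x ^ y for x, y in zip(data, pad))

def encrypt(pub, pk_a, txt):
    """(3) c_a = (pk_a^r, txt XOR H(g^r)) for a fresh random r."""
    if len(txt) != 32:
        raise ValueError("txt must be a 32-byte content key")
    p, q, g = pub
    r = secrets.randbelow(q - 1) + 1
    return pow(pk_a, r, p), _mask(pow(g, r, p), txt)

def rkgen(pub, skey_a, skey_b):
    """(4) rkey_ab = skey_b / skey_a mod Q (bidirectional: needs both secrets)."""
    return skey_b * pow(skey_a, -1, pub[1]) % pub[1]

def reencrypt(pub, rkey_ab, c_a):
    """(5) Proxy step: g^(a*r) becomes g^(b*r); the masked key is never opened."""
    return pow(c_a[0], rkey_ab, pub[0]), c_a[1]

def decrypt(pub, skey, c):
    """(6) Remove the secret exponent to recover g^r, then unmask txt."""
    shared = pow(c[0], pow(skey, -1, pub[1]), pub[0])
    return _mask(shared, c[1])
```

The proxy holds only $rkey_{ab}$ and ciphertexts, so the CSP can convert $c_a$ to $c_b$ without learning txt; in this stand-in scheme a proxy colluding with user b could recover $skey_a$.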

For enforcing access control on data, we use the Role Based Access Control (RBAC) scheme. This
authorization model uses the concept of roles for assigning privileges to users. Each role is associated with a set
of privileges and each user can be assigned one or more roles. A privilege defines an action which can be
performed on the object, like access to data by decryption, modification, deletion etc., where an object can be any
image or document residing in the cloud.
